Install ca-certificates into container #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Deploy | |
| "on": | |
| - push | |
| env: | |
| IMAGE_REGISTRY: ${{ secrets.IMAGES_LOCATION }}-docker.pkg.dev/${{ secrets.IMAGES_PROJECT_ID }}/identity | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - uses: docker/setup-buildx-action@v3 | |
| - uses: TheHackerApp/setup-ssh@main | |
| with: | |
| private-key: ${{ secrets.SHIPYARD_SSH_KEY }} | |
| host: ssh.shipyard.rs | |
| - uses: TheHackerApp/setup-artifact-registry@main | |
| with: | |
| registries: ${{ secrets.IMAGES_LOCATION }}-docker.pkg.dev | |
| project_id: ${{ secrets.IMAGES_PROJECT_ID }} | |
| workload_identity_provider: ${{ secrets.IMAGES_WORKLOAD_IDENTITY_PROVIDER }} | |
| - uses: docker/metadata-action@v5 | |
| id: meta | |
| with: | |
| images: ${{ env.IMAGE_REGISTRY }}/service | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=sha,prefix=deploy-,enable={{is_default_branch}} | |
| type=sha | |
| - uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| sbom: true | |
| provenance: mode=max | |
| secrets: | | |
| shipyard-token=${{ secrets.SHIPYARD_TOKEN }} | |
| ssh: | | |
| default=${{ env.SSH_AUTH_SOCK }} | |
| platforms: linux/amd64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| cache-to: type=gha,mode=max | |
| cache-from: type=gha | |
| composition: | |
| name: Check Schema Composition | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Hive CLI | |
| run: curl -sSL https://graphql-hive.com/install.sh | sh | |
| - run: hive schema:check ./schema.graphql --github --service identity | |
| env: | |
| HIVE_TOKEN: ${{ secrets.HIVE_TOKEN }} | |
| launch: | |
| name: Launch | |
| runs-on: ubuntu-22.04 | |
| if: github.ref == 'refs/heads/main' | |
| needs: | |
| - build | |
| - composition | |
| concurrency: | |
| group: deploy-launch | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: superfly/flyctl-actions/setup-flyctl@v1 | |
| - name: Generate commit SHA | |
| id: sha | |
| run: echo "value=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" | |
| - run: flyctl deploy --remote-only --image ${{ env.IMAGE_REGISTRY }}/service:deploy-${{ steps.sha.outputs.value }} | |
| env: | |
| FLY_API_TOKEN: ${{ secrets.FLY_DEPLOY_TOKEN }} | |
| supergraph: | |
| name: Update Supergraph | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - launch | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install Hive CLI | |
| run: curl -sSL https://graphql-hive.com/install.sh | sh | |
| - run: | | |
| hive schema:publish ./schema.graphql \ | |
| --github \ | |
| --service identity \ | |
| --url http://tha-identity.flycast:4243/graphql | |
| env: | |
| HIVE_TOKEN: ${{ secrets.HIVE_TOKEN }} |